Encrypt a file using KMS and push to S3
Question
I have a AWS lambda function written in Python that needs to create a file using data in a string variable , KMS encrypt the file and push the file to S3.
s3_resource = boto3.resource("s3")
s3_resource.Bucket(bucket_name).put_object(Key=s3_path, Body=data)
I am using the above to create the file in S3 , but is there a way to use the KMS keys that I have to encrypt the file while pushing to S3 ?
1 answers
solution1
1 ACCPTED 2019-05-02 19:24:23
To use KMS encryption when adding an object use the server side encryption options:
-
ServerSideEncryption ="aws:kms"- to enable KMS encryption -
SSEKMSKeyId=keyId- to specify the KMS key you want to use for encryption. If you don't specify this, AWS will just use your default account key.
For example:
s3_resource.Bucket(bucket_name).put_object(
Key=s3_path,
Body=data,
ServerSideEncryption ="aws:kms"
)
You may also need to enable v4 signing in your boto configuration file.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
KMS encrypt file data using Boto3
Read a KMS encrypted file from S3
Python - Decrypt S3 image file, encrypted with CSE KMS
Boto3 AWS KMS encrypt and decrypt file
Difference between KMS encryption and S3 SSE
To push the file from lambda to s3
InvalidCiphertextException when calling kms.decrypt with S3 metadata
Unzip file from S3, write to a CSV file and push back to S3
How to create a thumb and push it to s3 using django-imagekit?
How can I push AWS CodeCommit to S3 using Lambda?
Related Tags